Author: John McDermott

The Mirai Botnet and My Old Advice

Security expert and writer Brian Krebs was the victim of a distributed denial of service attack that used the Mirai botnet. His site discusses the source code used on the compromised computers. Others have provided analysis of the code. The software is used to infect Internet of Things or IoT devices. Examples include webcams, DVRs, […]

Improve Your Security with Two-Factor Authentication

Two-step or two-factor authentication provides better security than a single factor. For instance, a fingerprint and PIN is stronger than either alone. Security professionals generally divide authentication techniques into three categories: something you have, something you know, and something you are. Corresponding examples would be a token or an app on a smartphone, a password, and […]

How to Test File Permissions with Bash

Recently, I posted about basic permissions for Linux files; now let’s look at how to access those in a shell script. Testing file permissions is an essential part of enforcing an access control policy. Two common ways to test files for readability, writability, zero size and so forth are the if and the test. For […]

How to Verify Windows File Integrity with Hashes

As I write this, I am developing a skill (app) for Amazon’s Alexa voice service. A couple of days into the development I thought I’d accidently corrupted a critical file. Fortunately, I hadn’t, but it reminded me of the practice of discovering file changes by comparing file hash values against a baseline. The basic idea […]

Unleashing Wireshark’s Powerful Follow TCP Stream Feature

In security courses such as Learning Tree’s System and Network Security Introduction, we often hear about the insecurity of protocols such as Telnet. These older protocols send their data – including login credentials – over the network in the clear. While ssh, a secure alternative to Telnet, is used in many applications today, many sites […]